HP V1910 Configuring

Guest VLAN

You can configure a guest VLAN on a port to accommodate users that have not performed 802.1X authentication or have failed 802.1X authentication, so they can access a limited set of network resources, such as a software server, to download anti-virus software and system patches. After a user in the guest VLAN passes 802.1X authentication, it is removed from the guest VLAN and can access authorized network resources.

The device supports guest VLAN on a port that performs port-based access control. The following table describes the way how the device handles VLANs on such port.

	Authentication status	VLAN manipulation
	No 802.1X user has performed	Assigns the 802.1X guest VLAN to the port as the default
	No 802.1X user has performed	VLAN. All 802.1X users on this port can access only resources
	authentication within 90 seconds after
	authentication within 90 seconds after	in the guest VLAN.
	802.1X is enabled or the 802.1X user has	in the guest VLAN.
	802.1X is enabled or the 802.1X user has	If no 802.1X guest VLAN is configured, the access device does
	failed 802.1X authentication
	failed 802.1X authentication	not perform any VLAN operation.
		not perform any VLAN operation.

	A user in the 802.1X guest VLAN fails	The default VLAN on the port is still the 802.1X guest VLAN. All
	802.1X authentication	users on the port are in the guest VLAN.

		∙ Assigns the VLAN specified for the user to the port as the
		default VLAN, and removes the port from the 802.1X guest
		VLAN. After the user logs off, the user configured default
	A user in the 802.1X guest VLAN passes	VLAN restores.
	A user in the 802.1X guest VLAN passes	∙ If the authentication server assigns no VLAN, the user
	802.1X authentication	∙ If the authentication server assigns no VLAN, the user
	802.1X authentication	configured default VLAN applies. The user and all
		configured default VLAN applies. The user and all
		subsequent 802.1X users are assigned to the
		user-configured default VLAN. After the user logs off, the
		default VLAN remains unchanged.

NOTE:

The device assigns a hybrid port to an 802.1X guest VLAN as an untagged member.

ACL assignment

You can specify an ACL for an 802.1X user to control its access to network resources. After the user passes 802.1X authentication, the authentication server, either the local access device or a RADIUS server, assigns the ACL to the port to filter the traffic from this user. In either case, you must configure the ACL on the access device. You can change ACL rules while the user is online.

Configuring 802.1X

Configuration prerequisites

∙Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.

∙If RADIUS authentication is used, create user accounts on the RADIUS server.

∙If local authentication is used, create local user accounts on the access device and set the service type to lan-access.

For how to configure RADIUS client and local EAP authentication, see the chapter “AAA configuration”.

329